Archive

Posts Tagged ‘administrative permissions’

Host checks/EPA scans are not for everyone – #Citrix, #NetScaler, #AccessGateway

January 30, 2013 Leave a comment

This is an interesting blog post from Citrix… It captures a scenario that I know one of my previous customers was thinking of, so have a look at it!

The main thing that think of when reading this though is that EPA scans are NOT for everyone, I agree. And please also read my earlier posts on why it cannot be done with todays products from Citrix.

#Citrix #Receiver 3.4 and 11.7 = is the #SmartAccess story more real now? – #CloudGateway, #AGEE, #NetScaler, #StoreFront

#Citrix #SmartAccess = A complete story or not? – #NetScaler #AGEE #EPA

Even though the latest Receiver Receivers changed some scenarios and enables host checks/EPA scans it still doesn’t provide the full picture. But I’ll be publishing a more detailed picture on why later, some late night I’ll be able to complete it! 😉

Here you have the blog post from Tobias Frigger:

A customer of one of my Citrix Consulting colleagues recently came up with an interesting request.

Like many others they are using Citrix NetScaler’s Access Gateway Enterprise Edition module to grant remote secure remote access to applications and desktops.
Additionally, they use a client management and software distribution solution to deploy the EPA plugin to client computers and therefore wanted to suppress Access Gateway offering the EPA scan plugin for download through the browser. This introduces some additional level of control over which client is entitled to connect through Access Gateway.

An approach restricting certain user groups from logging in by using group memberships is a more common scenario, but in this case the customer intended to restrict the end points and not the users. When end users lack administrative permissions to install custom software, preventing the download is indeed an effective measure.

A job for Citrix Consulting!

As you know, Access Gateway Enterprise Edition offers two ways of running Endpoint Analysis (EPA) scans – before and after authentication. Consequently, there are two procedures.

The formal requirements

  • Remove the download button displayed when accessing the AGEE virtual server and the plugin is not detected by the browser or if the plugin is outdated
  • Alter the message text such that it refers user to contact their system administrator if they think the plugin should be installed.
  • When using a post-authentication EPA scan, add a “logout” button.

EPA Scan dialogue

Backup
As a precaution, we want to make backup copies…

Continue reading here!

//Richard

Categories: Access Gateway, Citrix, NetScaler, Receiver, Uncategorized Tags: , , , , , , , , , , , , ,
%d bloggers like this: